From Debian package 0.2.20091117-2 and 0.2.20100524-1

0.2.20091117-2:
* Allow udev to manage symlinks under /dev
* Allow udev to manage xenfs_t files, to write to etc_runtime_t (for ifstate),
  and to load modules.
0.2.20100524-1:
* Allow udev to read sym-links in it's config directory
0.2.20100524-1:
udev writing to etc_runtime_t is now in 483_network_run

dev_create_generic_symlinks was superseded by the addition of
dev_manage_generic_symlinks in upstream a124c0a8 (2010-03-17), but it is still here

Index: policy/modules/system/udev.te
===================================================================
--- policy/modules/system/udev.te.orig
+++ policy/modules/system/udev.te
@@ -72,6 +72,7 @@
 
 list_dirs_pattern(udev_t, udev_rules_t, udev_rules_t)
 read_files_pattern(udev_t, udev_rules_t, udev_rules_t)
+read_lnk_files_pattern(udev_t, udev_rules_t, udev_rules_t)
 
 manage_dirs_pattern(udev_t, udev_var_run_t, udev_var_run_t)
 manage_files_pattern(udev_t, udev_var_run_t, udev_var_run_t)
@@ -101,6 +102,7 @@
 
 dev_rw_sysfs(udev_t)
 dev_manage_all_dev_nodes(udev_t)
+dev_create_generic_symlinks(udev_t)
 dev_rw_generic_files(udev_t)
 dev_delete_generic_files(udev_t)
 dev_search_usbfs(udev_t)
@@ -306,6 +308,7 @@
 	kernel_read_xen_state(udev_t)
 	xen_manage_log(udev_t)
 	xen_read_image_files(udev_t)
+	fs_manage_xenfs_files(udev_t)
 ')
 
 optional_policy(`